--- /dev/null
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -1480,10 +1480,10 @@ static int gssapi_client_mech_step(void
+ }
+
+ /* Setup req_flags properly */
+- req_flags = GSS_C_INTEG_FLAG;
++ req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+ if (params->props.max_ssf > params->external_ssf) {
+ /* We are requesting a security layer */
+- req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
++ req_flags |= GSS_C_INTEG_FLAG;
+ /* Any SSF bigger than 1 is confidentiality. */
+ /* Let's check if the client of the API requires confidentiality,
+ and it wasn't already provided by an external layer */
--- /dev/null
+--- a/plugins/gssapi.c
++++ b/plugins/gssapi.c
+@@ -370,7 +370,7 @@ sasl_gss_encode(void *context, const str
+ }
+
+ if (output_token->value && output) {
+- unsigned char * p = (unsigned char *) text->encode_buf;
++ int len;
+
+ ret = _plug_buf_alloc(text->utils,
+ &(text->encode_buf),
+@@ -384,11 +384,8 @@ sasl_gss_encode(void *context, const str
+ return ret;
+ }
+
+- p[0] = (output_token->length>>24) & 0xFF;
+- p[1] = (output_token->length>>16) & 0xFF;
+- p[2] = (output_token->length>>8) & 0xFF;
+- p[3] = output_token->length & 0xFF;
+-
++ len = htonl(output_token->length);
++ memcpy(text->encode_buf, &len, 4);
+ memcpy(text->encode_buf + 4, output_token->value, output_token->length);
+ }
+
--- /dev/null
+--- a/saslauthd/auth_rimap.c
++++ b/saslauthd/auth_rimap.c
+@@ -1,3 +1,4 @@
++
+ /* MODULE: auth_rimap */
+
+ /* COPYRIGHT
+@@ -367,6 +368,30 @@ auth_rimap (
+ alarm(NETWORK_IO_TIMEOUT);
+ rc = read(s, rbuf, sizeof(rbuf));
+ alarm(0);
++ if ( rc>0 ) {
++ /* check if there is more to read */
++ fd_set perm;
++ int fds, ret;
++ struct timeval timeout;
++
++ FD_ZERO(&perm);
++ FD_SET(s, &perm);
++ fds = s +1;
++
++ timeout.tv_sec = 1;
++ timeout.tv_usec = 0;
++ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
++ if ( FD_ISSET(s, &perm) ) {
++ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
++ if ( ret<0 ) {
++ rc = ret;
++ break;
++ } else {
++ rc += ret;
++ }
++ }
++ }
++ }
+ if (rc == -1) {
+ syslog(LOG_WARNING, "auth_rimap: read (banner): %m");
+ (void) close(s);
+@@ -456,6 +481,30 @@ auth_rimap (
+ alarm(NETWORK_IO_TIMEOUT);
+ rc = read(s, rbuf, sizeof(rbuf));
+ alarm(0);
++ if ( rc>0 ) {
++ /* check if there is more to read */
++ fd_set perm;
++ int fds, ret;
++ struct timeval timeout;
++
++ FD_ZERO(&perm);
++ FD_SET(s, &perm);
++ fds = s +1;
++
++ timeout.tv_sec = 1;
++ timeout.tv_usec = 0;
++ while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
++ if ( FD_ISSET(s, &perm) ) {
++ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
++ if ( ret<0 ) {
++ rc = ret;
++ break;
++ } else {
++ rc += ret;
++ }
++ }
++ }
++ }
+ (void) close(s); /* we're done with the remote */
+ if (rc == -1) {
+ syslog(LOG_WARNING, "auth_rimap: read (response): %m");
+--- a/lib/checkpw.c
++++ b/lib/checkpw.c
+@@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned de
+ /* Timeout. */
+ errno = ETIMEDOUT;
+ return -1;
+- case +1:
+- if (FD_ISSET(fd, &rfds)) {
+- /* Success, file descriptor is readable. */
+- return 0;
+- }
+- return -1;
+ case -1:
+ if (errno == EINTR || errno == EAGAIN)
+ continue;
+ default:
++ if (FD_ISSET(fd, &rfds)) {
++ /* Success, file descriptor is readable. */
++ return 0;
++ }
+ /* Error catch-all. */
+ return -1;
+ }
Summary(uk.UTF-8): Бібліотека Cyrus SASL
Name: cyrus-sasl
Version: 2.1.25
-Release: 2
+Release: 3
License: distributable
Group: Libraries
Source0: ftp://ftp.cyrusimap.org/cyrus-sasl/%{name}-%{version}.tar.gz
Patch14: %{name}-ac-libs.patch
Patch15: %{name}-pam.patch
Patch16: %{name}-gssapi_ext.patch
+Patch17: 0032-revert_1.103_revision_to_unbreak_GSSAPI.patch
+Patch18: 0033-fix_segfault_in_GSSAPI.patch
+Patch19: 0034-fix_dovecot_authentication.patch
URL: http://asg.web.cmu.edu/sasl/
BuildRequires: autoconf >= 2.54
BuildRequires: automake >= 1:1.7
%patch14 -p1
%patch15 -p1
%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
cd doc
echo "cyrus-sasl complies with the following RFCs:" > rfc-compliance
projects / packages / cyrus-sasl.git / commitdiff